Many charities, particularly smaller ones, do not realise the value of the personal, financial, commercial and other data they hold to cyber criminals, according to a report by the National Cyber Security Centre (NCSC).
Charities typically do not perceive themselves as targets, but the value of the data they hold to range of cyber criminals makes them vulnerable to attack, warns a Cyber Threat Assessment report.
Richard Bingley, Executive Director of the Global Cyber Academy said: “The NCSC is to be commended for raising this very important issue. Lots of focus has been on cyber attacks impacting businesses, but it is clear in this report there are lots of human dependencies that could be impacted by cyber attacks upon charities and the vital services that they provide.”
The NCSC notes that larger charities, especially those operating like major corporations are in a better position to allocate specific cyber security responsibilities and take a proactive approach to cyber security, but the guidance applies equally to larger charities as well as small businesses.
According to the threat assessment, the culture of openness makes small charities more vulnerable to cyber fraud and extortion, with many falling victim to a range of attacks with potentially devastating consequences.
There are almost 200,000 charities registered in the UK, and the threat assessment reveals how cyber criminals are targeting their funds, supporter details and information on beneficiaries.
The guidance for small charities outlines easy and low-cost steps to protect from attacks, including advice on backing up data, using strong passwords, protecting against malware, keeping devices safe and avoiding phishing attacks.
According to the threat assessment, cyber criminals motivated by financial gain are likely to pose the most serious threat, which could have a paralysing effect on a small charity’s ability to deliver their services. One example details how a UK charity lost £13,000 after its CEO’s email account was hijacked to send a fraudulent message instructing their financial manager to release the funds, which is commonly known as business email compromise, CEO fraud, or whaling.
The assessment notes that the scale of cyber attacks against charities is unclear due to under-reporting and charities are being urged to report such crimes to Action Fraud and the Charity Commission.
Helen Stephenson, chief executive of the Charity Commission for England and Wales, said charities play a vital role in our society and so the diversion of charitable funds or assets via cyber crime for criminal purposes or personal gain is particularly damaging and shocking.
“The threat assessment confirms what we often see in our casework – unfortunately charities are not immune to fraud and cyber crime, and there are factors that can sometimes increase their vulnerability such as a lack of digital expertise, limited resources and culture of trust.
“We fully endorse the NCSC’s guide on cyber security for charities,” she said. “This will be a valuable resource to help charities protect their work, beneficiaries, funds and reputations from harm and we encourage charities of all sizes to make use of it.”
The UK government has also indicated that it is fully committed to defending against cyber threats and address the cyber skills gap to develop and grow talent. Its behavioural change campaign for cyber security, Cyber Aware, promotes simple measures to stay more secure online.
The publication of the NCSC threat assessment and guidance for charities coincides with the government’s publication of the Cyber Aware Perceptions Gap Report, which demonstrates common misconceptions that are preventing people from protecting their online security and suggests how these may be overcome.
To read the report, click on the link below: